Is there a way to see RBAC events for GKE clusters?

Question

I have a GKE cluster that uses a mix of Cloud IAM and cluster RBAC rules for resource access. For granularity, we use RBAC bindings for certain resources on the cluster, but I'm unable to find a place where those events are logged.

How do I see the logs for when cluster RBAC denies a user the permissions to do something? I can only see IAM related logs in Cloud Logging's audit logs. I'd like to know when the cluster itself denies access.

score 1 · Accepted Answer · answered Jun 01 '22 at 09:29

1

You can check the Kube API logs

kubectl proxy &
curl -s http://localhost:8001/logs/kube-apiserver.log

While GKE logs : https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging#viewing_logs

answered Jun 01 '22 at 09:29

Harsh Manvar

27,020
6
48
102

Randy · Answer 2 · 2022-06-01T07:44:40.083

0

You can find the GCP events in the GKE audit logs as described here.

The RBAC related events can be obtained from the kubeapi server as described here

edited Jun 01 '22 at 07:44

answered Jun 01 '22 at 07:36

Randy

1,299
2
10
23

Is there a way to see RBAC events for GKE clusters?

2 Answers2